Finding if accounts are admin

rob_potvin
Contributor III

Hey one more quick question. On our rollout we had a bit of a wireless blip and it seems that some machines didn't run the user startup script so I have a couple of kids out there that are local admins.

I was wondering if it's possible (of course it's possible) to create an extension attribute that would give you a list of admin users that have a UID over 500 and are part of the admin group, and then create a smart list based on the finding so you can then run a policy to remove them.

Thanks

Rob

3 REPLIES

rmanly
Contributor III

This will do the EA for you.

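#!/bin/bash

# Collect local accounts with a UID over 500 that are members of the admin group.
list=()

for username in $(dscl . list /Users UniqueID | awk '$2 > 500 { print $1 }'); do
    # dsmemberutil prints "user is not a member of the group" for non-members.
    if [[ $(dsmemberutil checkmembership -U "${username}" -G admin) != *not* ]]; then
        list+=("${username}")
    fi
done

# Casper reads the extension attribute value from between the result tags.
printf "%s " "<result>${list[@]}</result>"
echo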

You probably don't need that echo at the end for actually getting the EA
into Casper. It is just in there for getting your prompt back on its own
line when running from the command line.

Ryan M. Manly
Glenbrook High Schools

Walter
New Contributor II

Great little piece of code. You can just use "echo" in place of printf and skip the "%s " unless you want that trailing space.

echo "<result>${list[@]}</result>"

Walter
--
Walter Rowe, System Hosting
Enterprise Systems / OISM
walter.rowe at nist.gov
301-975-2885

rmanly
Contributor III

Good point!

I was trying to force the space between multiple usernames when I didn't
need to. :)

Ryan M. Manly
Glenbrook High Schools
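
The removal policy the original question asks about could look like the sketch below. This is an added example, not code posted by anyone in the thread. It reuses the same membership check as the EA and removes the accounts from the admin group with dseditgroup. The KEEP_ADMINS allowlist, its account names and the DRY_RUN switch are hypothetical and must be adapted to your own management accounts.

```shell
#!/bin/bash
# Added example: demote unexpected local admins from a policy running as root.
# KEEP_ADMINS and DRY_RUN are hypothetical settings, not Casper features.
KEEP_ADMINS="${KEEP_ADMINS:-root jamfadmin}"   # placeholder names: accounts that stay admin
DRY_RUN="${DRY_RUN:-1}"                        # 1 = report only, 0 = actually demote

# Print local accounts with a UID over 500 that are members of the admin group.
admin_users() {
    dscl . list /Users UniqueID | awk '$2 > 500 { print $1 }' |
    while read -r username; do
        # </dev/null keeps the tool from consuming the loop's input.
        case "$(dsmemberutil checkmembership -U "$username" -G admin </dev/null)" in
            *not*) ;;                          # "user is not a member of the group"
            *) echo "$username" ;;
        esac
    done
}

# Succeed if account $1 is on the allowlist.
is_kept() {
    for keep in $KEEP_ADMINS; do
        [ "$keep" = "$1" ] && return 0
    done
    return 1
}

# Demote every admin that is not on the allowlist and report each change.
demote_admins() {
    admin_users | while read -r username; do
        if is_kept "$username"; then continue; fi
        if [ "$DRY_RUN" = "1" ]; then
            echo "would demote: $username"
        else
            dseditgroup -o edit -d "$username" -t user admin </dev/null &&
                echo "demoted: $username"
        fi
    done
}

# The directory tools only exist on macOS, so do nothing elsewhere.
if [ "$(uname -s)" = "Darwin" ]; then demote_admins; fi
```

Run it once with DRY_RUN left at 1 and review the output before scoping the policy to the smart group with DRY_RUN=0.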